The Perils of Today’s Approach on Access Governance: Start Protecting Data at Source
- LANGUAGE: English DATE: Tuesday, March 10, 2020 TIME: 4:00pm CET, 11:00am EST, 8:00am PST
Protecting sensitive, valuable data is a must for every organization. Ever-increasing cyber-attacks and ever-tightening regulations mandate businesses to take action. Unfortunately, the common approaches of IGA (Identity Governance and Administration) that focus on managing static entitlements for systems and applications fall short in really securing the data at risk. They fail in managing data in motion. They are static. They don’t manage the usage of data well. Not to speak of all the challenges in role management projects and around regular access reviews.
It is not that IGA is obsolete. But, specifically for data with high risk, it is just not sufficient. Data-centric security complements IGA. It protects what needs to be protected – the document, the data. IGA tries to work indirectly by prohibiting access, but data-centric security sits directly on the file. It is not that data-centric security is new. Technologies are out for years. Even though data-centric security has been out there for years, it is now that we observe a significant uptake, and it is time for businesses to act on this and extend their security beyond IGA to data-centric security.
Nowadays, many of the challenges of data-centric security are solved. Technologies are straightforward to implement and far simple to use, specifically when policy management is done pragmatically. However, data-centric security impacts the users and thus needs to be well-planned, with the education of users and clear reasons for when, why, and how to use it.
In this KuppingerCole webinar, we will look at exactly these aspects:
- Why, when, and how to use data-centric security.
- Access Governance redefined: The need for a broader scope, beyond static entitlements on systems and applications
- The role of data-centric security in future IAM and Access Governance
- The potential of data-centric security: Why is it the ultimate security?
- Risk-based approaches for data-centric security: Balancing security and convenience
- Doing data-centric security right: Pragmatic approaches on policies
In the first part of the webinar, Martin Kuppinger, co-founder of KuppingerCole, will talk about re-scoping Access Governance and the role of data-centric security in future IAM and Access Governance. He will also look at regulations that drive the need for data-centric security.
In the second part of the webinar, Vishal Gupta, Founder and CEO of Seclore, will compare data-centric security to other technologies and talk about how to do data-centric security right. He specifically will look at the human factors and approaches for efficient policy management.
Seclore’s Data-Centric Security Solution enables organizations to remotely enforce and audit who can view, edit, copy, screen grab, and re-distribute files. These granular, persistent usage controls stay with the document wherever it travels, both within and outside of the organization’s borders. The document owner can also remotely modify and revoke access to files after distribution.
Recipients can access protected documents either using an agent or agentless mode, making it very easy to adopt and extend the power of Seclore FileSecure beyond the perimeter of the organization. The solution is device and transmission agnostic, including support for both iOS and Android mobile devices.
Connectors for Mail/Messaging, ECM, ERP, DLP and other systems makes it easy to automatically protect emails/attachments, documents being downloaded from systems, and sensitive information that is discovered by DLP offerings. A robust SDK and APIs make it very easy to add data-centric security to any corporate system or technology.
A complete log of the document flow and its usage is maintained centrally in line with the recommendations of ISO 27001 or SOX 404. This data-centric audit trail enables organizations to simplify governance, audits, and compliance reporting. With nearly 4 million users across 400 companies in 22 countries, Seclore is helping organizations achieve their data security, governance, and compliance objectives.
Access Governance-Tools sind in der heutigen Business-IT ein unverzichtbares Element. Sie dienen dem Management von Benutzer- und Berechtigungsworkflows, der Vergabe von Zugangsrechten, der Durchführung von Kampagnen zur Zugriffszertifizierung und der Implementierung und Prüfung von Controls für die Funktionstrennung (SOD). Mit einer wachsenden Zahl von Business-Applikationen, gerade auch aus der Cloud, und ihrer Vernetzung wächst die Herausforderung, Access Governance übergreifend und automatisiert umzusetzen.